Bug 243093 - SELinux is preventing vif-bridge (udev_t) "write" to xen (xend_var_log_t).
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 7
Hardware: x86_64 Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2007-06-07 05:34 EDT by Truong Xuan Tinh
Modified: 2007-11-30 17:12 EST (History)
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-08-22 10:08:17 EDT


Description Truong Xuan Tinh 2007-06-07 05:34:47 EDT
Description of problem:
SELinux denied access requested by vif-bridge. It is not expected that this
access is required by vif-bridge and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create a new Virtual machine using Virtual Machine Manager
2. System Name: CentOS5
3. Virtualized Method: Paravirtualized
4. Install Media URL: /media/SCSI0_VOL1/Linux_Distros/CentOS-5.0-x86_64-bin-DVD.iso
5. Simple File (/home/tinh/xen/CentOS5) with "Allocate entire disk now" checked (6GB)
6. Virtual Network (default)
7. VM Max Memory: 512MB, VM Startup Memory: 512 MB, VCPUs: 2
8. 
  
Actual results:
Here is the error message I got from Virtual Machine Manager
Unable to complete install '<class 'libvirt.libvirtError'> virDomainCreateLinux() failed POST operation failed: (xend.err 'Device 0 (vif) could not be connected. Hotplug scripts not working.')
Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/create.py", line 681, in do_install
    dom = guest.start_install(False, meter = meter)
  File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 649, in start_install
    return self._do_install(consolecb, meter)
  File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 666, in _do_install
    self.domain = self.conn.createLinux(install_xml, 0)
  File "/usr/lib64/python2.5/site-packages/libvirt.py", line 480, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: virDomainCreateLinux() failed POST operation failed: (xend.err 'Device 0 (vif) could not be connected. Hotplug scripts not working.')
'

Expected results:


Additional info:
Source Context: system_u:system_r:udev_t:SystemLow-SystemHigh
Target Context: system_u:object_r:xend_var_log_t
Target Objects: xen [ dir ]
Affected RPM Packages:
Policy RPM: selinux-policy-2.6.4-13.fc7
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.catchall_file
Host Name: localhost.localdomain
Platform: Linux localhost.localdomain 2.6.20-2925.9.fc7xen #1 SMP Tue May 22 09:29:36 EDT 2007 x86_64 x86_64
Alert Count: 12
First Seen: Thu 07 Jun 2007 04:07:05 PM ICT
Last Seen: Thu 07 Jun 2007 04:30:26 PM ICT
Local ID: 739bc730-5bc8-493c-8252-29acce5d601c
Line Numbers:
Raw Audit Messages:
avc: denied { write } for comm="vif-bridge" dev=dm-0 egid=0 euid=0 exe="/bin/bash" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="xen" pid=16233 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:xend_var_log_t:s0 tty=(none) uid=0
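
An added example, not part of the original report or of the selinux-policy project: a small Python parser for the raw audit message quoted in the description above, useful when triaging such denials in bulk. It extracts the source and target types, object class and permission, and maps the `exit` value to its errno name; the function names are illustrative and the sample is the report's record joined onto one line.

```python
import errno
import re
import shlex

# The raw audit message from the report above, joined onto one line.
SAMPLE = (
    'avc: denied { write } for comm="vif-bridge" dev=dm-0 egid=0 euid=0 '
    'exe="/bin/bash" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="xen" '
    'pid=16233 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 '
    'subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir '
    'tcontext=system_u:object_r:xend_var_log_t:s0 tty=(none) uid=0'
)
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')


def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    user, role, setype, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype,
            "level": level[0] if level else None}


def parse_avc(line):
    """Return the fields of one AVC record, or None if it is not parseable."""
    m = AVC_RE.search(line)
    if not m:
        return None
    try:
        # shlex keeps quoted values such as comm="vif-bridge" as one token.
        tokens = shlex.split(m.group(3))
        fields = dict(t.split("=", 1) for t in tokens if "=" in t)
        return {"result": m.group(1), "perms": m.group(2).split(),
                "source": split_context(fields["scontext"]),
                "target": split_context(fields["tcontext"]),
                "tclass": fields["tclass"], "fields": fields,
                # exit=-13 is the negated errno returned to the process.
                "errno": errno.errorcode.get(-int(fields.get("exit", "0")))}
    except (ValueError, KeyError):
        return None  # truncated record, bad quoting or missing context


def access_vector(rec):
    """The access in TE notation: source_type target_type:class { perms }."""
    return "%s %s:%s { %s }" % (rec["source"]["type"], rec["target"]["type"],
                                rec["tclass"], " ".join(rec["perms"]))
```

For the record in this report, `access_vector(parse_avc(SAMPLE))` gives `udev_t xend_var_log_t:dir { write }`, which names the denied access for policy review; the page does not say what rule the fixed policy package used.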
Comment 1 Daniel Walsh 2007-06-11 08:27:36 EDT
Fixed in selinux-policy-2.6.4-14
Comment 2 Daniel Walsh 2007-08-22 10:08:17 EDT
Closing as fixes are in the current release
